Ensure RDS instances are not publicly accessible
Error: RDS instances are publicly accessible
Bridgecrew Policy ID: BC_AWS_PUBLIC_10
RDS instances are publicly accessible
AWS RDS is a managed DB service enabling quick deployment and management of MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server DB engines.
We recommend you encrypt RDS instances as an additional layer of protection against unauthorized access to their storage. RDS native encryption helps protect your applications deployed in the cloud and easily fulfills compliance requirements for data-at-rest encryption.
Fix - Runtime
To change the policy using the AWS Console, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Open the Amazon RDS console.
- On the navigation pane, click Snapshots.
- Select the snapshot to encrypt.
- Navigate to Snapshot Actions, then select Copy Snapshot.
- Select your Destination Region, then enter your New DB Snapshot Identifier.
- Set Enable Encryption to Yes.
- Select your Master Key from the list, then select Copy Snapshot.
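To find the instances this policy applies to, the following added example (not part of the original Bridgecrew page) audits output shaped like `aws rds describe-db-instances` for both settings discussed above: public accessibility and storage encryption. The sample data and the function name `audit_rds` are constructed for illustration; `PubliclyAccessible` and `StorageEncrypted` are the field names used in the RDS API response.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
# Instance names are made up; only the fields the audit reads are included.
SAMPLE = json.loads("""
{
  "DBInstances": [
    {"DBInstanceIdentifier": "orders-db",  "Engine": "postgres",
     "PubliclyAccessible": true,  "StorageEncrypted": true},
    {"DBInstanceIdentifier": "legacy-db",  "Engine": "mysql",
     "PubliclyAccessible": false, "StorageEncrypted": false},
    {"DBInstanceIdentifier": "reports-db", "Engine": "mariadb",
     "PubliclyAccessible": false, "StorageEncrypted": true},
    {"DBInstanceIdentifier": "partial-db", "Engine": "mysql"}
  ]
}
""")


def audit_rds(describe_output):
    """Return (instance identifier, finding) tuples for non-compliant instances."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        name = db.get("DBInstanceIdentifier", "<unknown>")
        # Design choice in this example: a missing field counts as a failure,
        # so incomplete data is never reported as compliant.
        if db.get("PubliclyAccessible", True):
            findings.append((name, "publicly_accessible"))
        if not db.get("StorageEncrypted", False):
            findings.append((name, "storage_not_encrypted"))
    return findings


def compliant_instances(describe_output):
    """Return identifiers of instances with no findings."""
    failing = {name for name, _ in audit_rds(describe_output)}
    return [
        db.get("DBInstanceIdentifier", "<unknown>")
        for db in describe_output.get("DBInstances", [])
        if db.get("DBInstanceIdentifier", "<unknown>") not in failing
    ]


if __name__ == "__main__":
    for name, finding in audit_rds(SAMPLE):
        print(f"FAIL {name}: {finding}")
    print("PASS", ", ".join(compliant_instances(SAMPLE)))
```

To run it against a real account, save the CLI's JSON output to a file and pass the parsed document to `audit_rds` in place of `SAMPLE`.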